Threat Database Ransomware Wulfric Ransomware

Wulfric Ransomware

By CagedTech in Ransomware

Malware researchers detect more and more ransomware threats pop-up every day. One of the newest file-encrypting Trojans that has emerged is the Wulfric Ransomware. This appears to be a data-locking Trojan that has been built from scratch as it does not belong to any of the popular ransomware families.

Spreading and Encryption

Cybersecurity experts have not been able to determine what propagation methods have the authors of the Wulfric Ransomware used in the spreading of their creation. Some believe that emails containing macro-laced attachments, pirated fake software downloaded from shady sources, and fraudulent application updates may be among the infection vectors involved in the propagation of the Wulfric Ransomware. Whichever way the Wulfric Ransomware finds itself on your system the result is one and the same – you are in for some trouble. This threat will scan your system to locate the files, which will be targeted for encryption. The next phase of the attack is the encryption process. When the Wulfric Ransomware locks a file, it amends its filename by adding '.aef' extension to it. This means that if you had a photo that you had named 'Lost-Poetry.jpg' the Wulfric Ransomware will change it to 'Lost-Poetry.jpg.aef' once the encryption process is through.

The Ransom Note

Next, the Wulfric Ransomware drops its ransom note, which is called 'hacked.txt.' The note reads:

'Attention, your files are encrypted !
the password it is random and itґs unique to your PC.
Pay the amount of 0.05 BTC to the bitcoin address: 1ERtRjWAKyG2Edm9nKLLCzd8p1CjjdTiF
After payment, send me a letter, attach the file pass.key to with payment notification.
Once payment is confirmed, I will send you decrypter for the files.
You can pay bitcoins online in many ways: - payment by bank card
About Bitcoins:
If you have any questions, write to me at
As a bonus, I will tell you how hacked your computer is and how to protect it in the future.'

In the note, the criminals demand a ransom fee of 0.05 Bitcoin (~$475 at the time of writing this post). They also provide an email address where the victim can contact them for further instructions – '' The Wulfric Ransomware also changes the victim's wallpaper to grab their attention and make sure that they realize what has happened with their files. The image they have used has a wolf on the left, and a copy of the text of the ransom note on the right.

We recommend you strongly to avoid any contact with cyber crooks like the ones behind the Wulfric Ransomware. Instead, download and install a legitimate anti-spyware application, which will rid you of the Wulfric Ransomware.


Most Viewed